EP1338938A1 - Protection against unauthorised execution of a program on an IC card - Google Patents
Protection against unauthorised execution of a program on an IC card Download PDFInfo
- Publication number
- EP1338938A1 EP1338938A1 EP02290449A EP02290449A EP1338938A1 EP 1338938 A1 EP1338938 A1 EP 1338938A1 EP 02290449 A EP02290449 A EP 02290449A EP 02290449 A EP02290449 A EP 02290449A EP 1338938 A1 EP1338938 A1 EP 1338938A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- application
- token
- remote server
- portable object
- lrs
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Images
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/355—Personalisation of cards for use
- G06Q20/3552—Downloading or loading of personalisation data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
- G06Q20/35765—Access rights to memory zones
Definitions
- the invention concerns a method of controlling the use of an application provided on a portable object.
- the portable object can be, for example, a Subscriber Identity Module ("SIM”), a smart card, a cell phone or any portable object capable of executing a program written in a computer language.
- SIM Subscriber Identity Module
- a method of controlling the use of an application capable of being run on a portable object is characterized in that the method comprises the following steps:
- An application cannot run without the presence of a valid token.
- the owner of the application can therefore control the use of the application, even if the application has been delivered via an open framework.
- the invention thus allows, for example, pay-per-use applications, wherein a licence needs to be purchased in order to use the application in a certain fashion.
- FIG. 1 shows a SIM card SIC associated with a cell phone MP.
- the SIM card SIC and the cell phone MP are used by an end user.
- the SIM card SIC associated with the cell phone MP are in relation with a licensing remote server LRS and an application remote server ARS.
- the licensing remote server LRS and the application remote server ARS are in relation with the SIM card SIC associated to the cell phone MP through a bi-directional communication channel BCC.
- This bi-directional communication channel BCC can be, for example, a Short Message Service (“SMS”), a General Packet Radio Service (“GPRS”), an Internet Protocol (“IP”), infrared or any other bi-directional communication channel.
- SMS Short Message Service
- GPRS General Packet Radio Service
- IP Internet Protocol
- the licensing remote server LRS and the application remote server ARS are in relation with respectively a first database DB1 and a second database DB2.
- the first database DB1 comprises a plurality of data related to different users. For each user the database comprises, for example, the name N of the user, the phone number PN, an identification data IDDA related to an application which is on the cell phone MP associated with the SIM card SIC of the user.
- the first database DB1 further comprises an encryption key EK, a status STA concerning an application used by the user and an area for storing a licence token TK.
- the first database DB1 may also comprise any other elements concerning the user, the different applications he uses and the SIM card SIC associated with the mobile phone MP.
- the licensing remote server LRS and the application remote server ARS communicate to the cell phone MP associated with the SIM card SIC via the bi-directional communication channel through a network interface NI.
- the second database DB2 comprises a plurality of applications.
- FIG.2 shows more details of the SIM card SIC.
- the SIM card SIC comprises a processor PROC, an interface device I/O for the input or output of data and a data area DD comprising identification elements related to the SIM card SIC and its owner. These identification elements comprise, for example, the Integrated Circuit Card IDentification number ICCID and the name N of the user.
- the SIM card SIC further comprises an operating system OS and an application interpreter I.
- the application interpreter I is in relation with a plurality of application program interface APIs, for example, functions or classes.
- the application interpreter I is also in relation with a plurality of applications A1, A2,.. AN to be executed. These applications A1, ... An can use the different applications program interface API through the application interpreter I.
- the SIM card SIC also comprises a storage area SA, which can be accessed through the application program interface API. The access right to that storage area SA is managed by the operating system OS.
- FIG. 3 illustrates the structure of an application A.
- the application A comprises a code area CA and a data area DA.
- the data area DA comprises data related to the application A and an area for storing at least one token TK.
- the code area CA comprises code, in particular at least one specific token-validating program TVP.
- the token TK is a data that has a specific value.
- the value is, for example, related to an identification of the SIM card SIC, or to an identification of the application that can run on the SIM card SIC, or both identifications.
- the value of the token TK can further be related to a certain type of licence.
- the value of the token TK may be a function of, for example, the identification of the SIM card SIC, the identification of the application and the type of licence.
- a token TK can therefore only be used on the specific SIM card SIC it is computed for.
- the given application can be, for example, a weather forecast application.
- the end user can then choose between three types of licence.
- Three different token TK will thus be associated with this weather forecast application.
- the application comprises different services, for example, a weather forecast service and a game service. For each service, different types of licence can be associated.
- the SIM card SIC may comprise, for example, a specific token-validating program TVP for each token TK.
- the SIM card SIC may comprise a unique token-validating program TVP that is capable of checking the validity of the three different token TK.
- a token validating program TVP is advantageously stored in the code area CA of the application A.
- a token TK is encrypted through an encrypting key. And the token TK can be decrypted only through a decrypting key.
- FIG. 4 shows the different steps of the method according to the invention.
- a starting step STAR an application loaded on the SIM card SIC is started.
- the application verifies whether a token TK associated to the application is present or not.
- the token TK may be stored, for example, in the data area DA of the application.
- the token TK may be stored in a specific file F located on the SIM card SIC.
- Such a file F may comprise a plurality of tokens TK.
- each token may be stored in a different file.
- a token TK is present, in a first validating step VAL1, the application verifies if the token TK is valid.
- the application If the token TK is encrypted, the application first decrypts the token TK. Subsequently, the application checks the validity of the token TK by means of the corresponding token-validating program TVP.
- the application comprises different services, for example, a weather forecast service and a game service.
- the weather forecast service is paid by Mr. Nobody, for a time period ranging from a date T1 to a date T2.
- the game service is paid by Mr. Nobody, for a time period ranging from a date T3 to a date T4.
- These parameters (T1,T2,T3,T4,Mr. Nobody) are contained in the token TK.
- the token-validating program TVP will extract these different parameters (T1,T2,T3,T4, Mr. Nobody) from the token TK.
- the token-validating program TVP compares these parameters (T1,T2,T3,T4, M. Nobody) with, for example, the present time T and the identification elements stored in the data area DD.
- the data area DD comprises identification elements related to the SIM card SIC and its owner. The application can thus check the validity of the token TK.
- the application continues to run. If the present token TK is not valid, in an application-aborting step ABO1, the running of the application is aborted.
- a licence request is sent to the licensing remote server LRS to require a token TK.
- the licence request REQ can be made by a specific application different from the application to be run, by direct human interface request or by means of a specific file F comprising different tokens TK.
- This file F can be located on the SIM card SIC.
- the licence request includes the identification elements related to the SIM card SIC and its owner, which elements are comprised in the data area DD as shown in figure 2.
- the licensing remote server LRS effects certain steps in response to the licence request:
- the SIM card SIC receives the response comprising the token TK from the licensing remote server LRS.
- the application checks the received token TK to know whether the token is valid or not.
- the received token TK is decrypted by means of a decrypting key located on the SIM card SIC.
- a token-validating program TVP checks whether the received token TK is valid or not.
- the application can continue to run. If the received token TK is not valid, in a second application-aborting step ABO2 the running of the application is aborted.
- the application to be run was already loaded on the SIM card SIC. But if the application to be run is not loaded on the SIM card SIC, the application can be downloaded from the second database DB2 of the application remote server ARS. The application remote server ARS then sends the requested application to the SIM card SIC.
- the application remote server ARS can also send a request to the licensing remote server LRS for sending a token TK from the licensing remote server LRS to the SIM card SIC. The request can also be made from the SIM card SIC.
- the application interpreter I can also be loaded from the application remote server ARS.
- the application to be run can also be loaded from a specific card reader available, for example, at a sales outlet.
- the licensing remote server LRS and the application remote server ARS can be a single remote server.
- the applications were loaded on a SIM card associated with a cell phone MP. More generally the applications can be loaded on any portable object capable of running a program written in a computer language.
- the computer language can be an object oriented language, in particular an object oriented language using an application interpreter. But the computer language can also be a compiled language.
- the portable object can be, for example, a smart card, a cell phone, or a personal digital assistant PDA.
- the token TK received from the licensing remote server LRS is located in the application and/or in the specific file F. But the token TK can be located elsewhere in the portable object SC.
- a temporary licence token there can be a temporary licence token.
- the token can furthermore contain configuration elements to activate or deactivate part of the application.
- Billing can be done on the licensing remote server LRS.
- the licensing scheme can be based on the database DB1.
- asymmetrical keys are used to encrypt or decrypt the token TK, that is a private encrypting key and a public decrypting key have been used, but symmetrical keys can also be used.
- an application can easily be delivered in an open framework.
- a digital signature can be associated with the application, so as to allow authentication.
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- Microelectronics & Electronic Packaging (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
- Stored Programmes (AREA)
- Computer And Data Communications (AREA)
- Storage Device Security (AREA)
Abstract
A method of controlling the use of an
application. The application is capable of being
executed on a portable object (SC. The method is
characterized in that the method comprises the following
steps:
- a requesting step (REQ), in which a licence request is sent to a licensing remote server LRS ;
- a sending step (SEN), in which the licensing remote server (LRS) sends a token TK to the portable object (SC);
- a validating step (VAL2), in which the token (TK) is checked so as to determine whether the token is valid or not; and
- if the token (TK) is not valid, in an application-aborting step (ABO2), the execution of the application is aborted.
Description
- The invention concerns a method of controlling the use of an application provided on a portable object. The portable object can be, for example, a Subscriber Identity Module ("SIM"), a smart card, a cell phone or any portable object capable of executing a program written in a computer language.
- Applications are generally preloaded on the portable object during a personalization step. Due to the lack of standards in the distribution scheme, it is difficult to get them onboard later on. These preloaded applications are specific to a particular portable object. During the personalization step, these applications must be checked on each portable object.
- In the context of cards and mobile, the standardisation of the infrastructure leads to more openness. It is then possible to load an application on a portable object without control of its developer or owner.
- It is an object of the invention to allow a better control of the use of an application capable of being executed on a portable object.
- According to one aspect of the invention, a method of controlling the use of an application capable of being run on a portable object (SC), is characterized in that the method comprises the following steps:
- a requesting step (REQ), in which a licence request is sent to a licensing remote server (LRS) ;
- a sending step (SEN), in which the licensing remote server (LRS) sends a token (TK) to the portable object (SC);
- a validating step (VAL2), in which the token (TK) is checked so as to determine whether the token is valid or not; and
- if the token (TK) is not valid, in an application-aborting step (ABO2), the running of the application is aborted.
- An application cannot run without the presence of a valid token. The owner of the application can therefore control the use of the application, even if the application has been delivered via an open framework. The invention thus allows, for example, pay-per-use applications, wherein a licence needs to be purchased in order to use the application in a certain fashion.
- These and other aspects of the invention will be described in greater detail hereinafter with reference to drawings.
-
- Figure 1 illustrates a system using the method according to the invention;
- Figure 2 illustrates a structure of a portable object;
- Figure 3 illustrates a structure of an application; and
- Figure 4 illustrates the different steps of the method according to the invention.
- FIG. 1 shows a SIM card SIC associated with a cell phone MP. The SIM card SIC and the cell phone MP are used by an end user. The SIM card SIC associated with the cell phone MP are in relation with a licensing remote server LRS and an application remote server ARS. The licensing remote server LRS and the application remote server ARS are in relation with the SIM card SIC associated to the cell phone MP through a bi-directional communication channel BCC. This bi-directional communication channel BCC can be, for example, a Short Message Service ("SMS"), a General Packet Radio Service ("GPRS"), an Internet Protocol ("IP"), infrared or any other bi-directional communication channel.
- The licensing remote server LRS and the application remote server ARS are in relation with respectively a first database DB1 and a second database DB2.
- The first database DB1 comprises a plurality of data related to different users. For each user the database comprises, for example, the name N of the user, the phone number PN, an identification data IDDA related to an application which is on the cell phone MP associated with the SIM card SIC of the user. The first database DB1 further comprises an encryption key EK, a status STA concerning an application used by the user and an area for storing a licence token TK. The first database DB1 may also comprise any other elements concerning the user, the different applications he uses and the SIM card SIC associated with the mobile phone MP. The licensing remote server LRS and the application remote server ARS communicate to the cell phone MP associated with the SIM card SIC via the bi-directional communication channel through a network interface NI.
- The second database DB2 comprises a plurality of applications.
- FIG.2 shows more details of the SIM card SIC. The SIM card SIC comprises a processor PROC, an interface device I/O for the input or output of data and a data area DD comprising identification elements related to the SIM card SIC and its owner. These identification elements comprise, for example, the Integrated Circuit Card IDentification number ICCID and the name N of the user. The SIM card SIC further comprises an operating system OS and an application interpreter I. The application interpreter I is in relation with a plurality of application program interface APIs, for example, functions or classes. The application interpreter I is also in relation with a plurality of applications A1, A2,.. AN to be executed. These applications A1, ... An can use the different applications program interface API through the application interpreter I. The SIM card SIC also comprises a storage area SA, which can be accessed through the application program interface API. The access right to that storage area SA is managed by the operating system OS.
- FIG. 3 illustrates the structure of an application A. The application A comprises a code area CA and a data area DA. The data area DA comprises data related to the application A and an area for storing at least one token TK. The code area CA comprises code, in particular at least one specific token-validating program TVP.
- The token TK is a data that has a specific value. The value is, for example, related to an identification of the SIM card SIC, or to an identification of the application that can run on the SIM card SIC, or both identifications. The value of the token TK can further be related to a certain type of licence. Thus the value of the token TK may be a function of, for example, the identification of the SIM card SIC, the identification of the application and the type of licence.
- A token TK can therefore only be used on the specific SIM card SIC it is computed for. Let it be assumed, for example, that for a given application there are 3 different licence types. For each licence type there is a different token TK. The given application can be, for example, a weather forecast application. For example, the end user can then choose between three types of licence. A first licence type offering a one-day forecast, a second licence type offering a three-day forecast and a third licence type offering a one-day forecast for a one-month period. Three different token TK will thus be associated with this weather forecast application. We can also imagine that the application comprises different services, for example, a weather forecast service and a game service. For each service, different types of licence can be associated.
- For example, let it be assumed that for a given application A there are three different tokens TK. The SIM card SIC may comprise, for example, a specific token-validating program TVP for each token TK. Alternatively, the SIM card SIC may comprise a unique token-validating program TVP that is capable of checking the validity of the three different token TK. A token validating program TVP is advantageously stored in the code area CA of the application A.
- Advantageously, a token TK is encrypted through an encrypting key. And the token TK can be decrypted only through a decrypting key.
- FIG. 4 shows the different steps of the method according to the invention.
- In a starting step STAR, an application loaded on the SIM card SIC is started. In a token-verifying step VER1, the application verifies whether a token TK associated to the application is present or not. The token TK may be stored, for example, in the data area DA of the application. Alternatively, the token TK may be stored in a specific file F located on the SIM card SIC. Such a file F may comprise a plurality of tokens TK. Alternatively, each token may be stored in a different file.
- If a token TK is present, in a first validating step VAL1, the application verifies if the token TK is valid.
- If the token TK is encrypted, the application first decrypts the token TK. Subsequently, the application checks the validity of the token TK by means of the corresponding token-validating program TVP.
- Let it be assumed, for example, that the application comprises different services, for example, a weather forecast service and a game service. Let further suppose that the weather forecast service is paid by Mr. Nobody, for a time period ranging from a date T1 to a date T2. Let us further suppose that the game service is paid by Mr. Nobody, for a time period ranging from a date T3 to a date T4. These parameters (T1,T2,T3,T4,Mr. Nobody) are contained in the token TK. At a present time T, the token-validating program TVP will extract these different parameters (T1,T2,T3,T4, Mr. Nobody) from the token TK. The token-validating program TVP then compares these parameters (T1,T2,T3,T4, M. Nobody) with, for example, the present time T and the identification elements stored in the data area DD. The data area DD comprises identification elements related to the SIM card SIC and its owner. The application can thus check the validity of the token TK.
- If the present token TK is valid, in a first continuing step CON1 the application continues to run. If the present token TK is not valid, in an application-aborting step ABO1, the running of the application is aborted.
- If no token TK is present in the application, in a requesting step REQ, a licence request is sent to the licensing remote server LRS to require a token TK. The licence request REQ can be made by a specific application different from the application to be run, by direct human interface request or by means of a specific file F comprising different tokens TK. This file F can be located on the SIM card SIC. The licence request includes the identification elements related to the SIM card SIC and its owner, which elements are comprised in the data area DD as shown in figure 2.
- The licensing remote server LRS effects certain steps in response to the licence request:
- in a storing step STOR, the licensing remote server LRS stores the identification elements, which are included in the licence request, in the first database DB1;
- in a licence-verifying step VER2, the licensing remote server LRS verifies that the user claiming for a licence is authorized to do so. This can be done, for example, by means of the user-related data included in the first database DB1 and the identification elements;
- if the verification is not positive, the request procedure is aborted in a request-aborting step ABO. The licensing remote server LRS can then send a message for indicating that the procedure is aborted to the SIM card SIC;
- if the verification is positive the licensing remote server LRS prepares the token TK in a preparing step PREP. For example, in this step the token TK is encrypted through the encryption key EK. The token TK can thus be decrypted only by using a decrypting key;
- in a formatting step FOR, the licensing remote server LRS formats a response comprising the token TK;
- in a sending step SEN, the licensing remote server LRS sends the response to the SIM card SIC for storage. The token included in the response is stored in the specific file F and/or in the data area DA of the current application being executed;
- in a confirmation step GAT, the licensing remote server LRS receives an acknowledgement from the SIM card SIC that the response has been well-received;
- in an updating step UPD, the licensing remote server LRS updates the first database DB1. The licence distribution shows the number of tokens TK having already been deployed and the type of these deployed tokens TK.
- The SIM card SIC receives the response comprising the token TK from the licensing remote server LRS. In a validating step VAL2, the application checks the received token TK to know whether the token is valid or not. The received token TK is decrypted by means of a decrypting key located on the SIM card SIC. A token-validating program TVP checks whether the received token TK is valid or not.
- If the received token TK is valid, in a second continuing step CON2, the application can continue to run. If the received token TK is not valid, in a second application-aborting step ABO2 the running of the application is aborted.
- In the above mentioned mode of realization, the application to be run was already loaded on the SIM card SIC. But if the application to be run is not loaded on the SIM card SIC, the application can be downloaded from the second database DB2 of the application remote server ARS. The application remote server ARS then sends the requested application to the SIM card SIC. The application remote server ARS can also send a request to the licensing remote server LRS for sending a token TK from the licensing remote server LRS to the SIM card SIC. The request can also be made from the SIM card SIC.
- The application interpreter I can also be loaded from the application remote server ARS.
- In another mode of realization, the application to be run can also be loaded from a specific card reader available, for example, at a sales outlet.
- In another mode of realization, the licensing remote server LRS and the application remote server ARS can be a single remote server.
- In the particular mode of realization, the applications were loaded on a SIM card associated with a cell phone MP. More generally the applications can be loaded on any portable object capable of running a program written in a computer language. Advantageously the computer language can be an object oriented language, in particular an object oriented language using an application interpreter. But the computer language can also be a compiled language. The portable object can be, for example, a smart card, a cell phone, or a personal digital assistant PDA.
- Advantageously the token TK received from the licensing remote server LRS is located in the application and/or in the specific file F. But the token TK can be located elsewhere in the portable object SC.
- In another mode of realization, there can be a temporary licence token. The token can furthermore contain configuration elements to activate or deactivate part of the application. Billing can be done on the licensing remote server LRS. The licensing scheme can be based on the database DB1.
- In the above modes of realization, asymmetrical keys are used to encrypt or decrypt the token TK, that is a private encrypting key and a public decrypting key have been used, but symmetrical keys can also be used.
- Finally, with the present invention an application can easily be delivered in an open framework. In addition a digital signature can be associated with the application, so as to allow authentication.
Claims (4)
- A method of controlling the use of an application capable of being run on a portable object (SC), is characterized in that the method comprises the following steps:a requesting step (REQ), in which a licence request is sent to a licensing remote server (LRS) ;a sending step (SEN), in which the licensing remote server (LRS) sends a token (TK) to the portable object (SC) ;a validating step (VAL2), in which the token (TK) is checked so as to determine whether the token is valid or not; andif the token (TK) is not valid, in an application-aborting step (ABO2), the running of the application is aborted.
- The method according to claim 1, characterized in that the portable object (SC) is a SIM card SIC.
- The method according to claim 1, characterized in that the token (TK) is encrypted and in that the portable object (SC) decrypts the token (TK) before checking the validity of the token (TK).
- The method according to claim 1, is characterized in that the requesting step (REQ) is preceded by a verifying step to check if the application is present on the portable object (SC) ; and if not to cause the portable object (SC) to download the application from an application remote server (ARS).
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP02290449A EP1338938A1 (en) | 2002-02-22 | 2002-02-22 | Protection against unauthorised execution of a program on an IC card |
JP2003570228A JP2006514788A (en) | 2002-02-22 | 2003-02-21 | Control of applications provided to mobiles |
CNB038052741A CN100345077C (en) | 2002-02-22 | 2003-02-21 | Controlling an application provided on a portable object |
EP03702922A EP1483640A2 (en) | 2002-02-22 | 2003-02-21 | Controlling an application provided on a portable object |
US10/505,599 US20050091544A1 (en) | 2002-02-22 | 2003-02-21 | Controlling an application provided on a portable object |
PCT/IB2003/000648 WO2003071401A2 (en) | 2002-02-22 | 2003-02-21 | Controlling an application provided on a portable object |
AU2003206039A AU2003206039A1 (en) | 2002-02-22 | 2003-02-21 | Controlling an application provided on a portable object |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP02290449A EP1338938A1 (en) | 2002-02-22 | 2002-02-22 | Protection against unauthorised execution of a program on an IC card |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1338938A1 true EP1338938A1 (en) | 2003-08-27 |
Family
ID=27635903
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP02290449A Withdrawn EP1338938A1 (en) | 2002-02-22 | 2002-02-22 | Protection against unauthorised execution of a program on an IC card |
EP03702922A Ceased EP1483640A2 (en) | 2002-02-22 | 2003-02-21 | Controlling an application provided on a portable object |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP03702922A Ceased EP1483640A2 (en) | 2002-02-22 | 2003-02-21 | Controlling an application provided on a portable object |
Country Status (6)
Country | Link |
---|---|
US (1) | US20050091544A1 (en) |
EP (2) | EP1338938A1 (en) |
JP (1) | JP2006514788A (en) |
CN (1) | CN100345077C (en) |
AU (1) | AU2003206039A1 (en) |
WO (1) | WO2003071401A2 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1557735A2 (en) * | 2003-12-18 | 2005-07-27 | NTT DoCoMo, Inc. | Communication system, communication terminal device, and information storage module for restricting use of content |
WO2006054980A1 (en) | 2004-11-15 | 2006-05-26 | Cingular Wireless Ii, Llc | Programming and/or activating of a subscriber identity module (sim) for an analog telephone adapter (ata) device |
US7287161B2 (en) | 2002-12-27 | 2007-10-23 | Nokia Corporation | Method and system for testing a program, and a device |
US8380180B2 (en) | 2004-11-15 | 2013-02-19 | At&T Mobility Ii Llc | Remote programming/activation of SIM enabled ATA device |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2007513402A (en) * | 2003-11-06 | 2007-05-24 | インテュウェーブ リミテッド | Secure multi-entity access to resources on mobile phones |
EP1536606A1 (en) | 2003-11-27 | 2005-06-01 | Nagracard S.A. | Method for authenticating applications |
US7191288B2 (en) * | 2004-02-24 | 2007-03-13 | Sun Microsystems, Inc. | Method and apparatus for providing an application on a smart card |
US7374099B2 (en) * | 2004-02-24 | 2008-05-20 | Sun Microsystems, Inc. | Method and apparatus for processing an application identifier from a smart card |
US7165727B2 (en) | 2004-02-24 | 2007-01-23 | Sun Microsystems, Inc. | Method and apparatus for installing an application onto a smart card |
US7140549B2 (en) * | 2004-02-24 | 2006-11-28 | Sun Microsystems, Inc. | Method and apparatus for selecting a desired application on a smart card |
US7232073B1 (en) | 2004-12-21 | 2007-06-19 | Sun Microsystems, Inc. | Smart card with multiple applications |
US20080222604A1 (en) * | 2005-03-07 | 2008-09-11 | Network Engines, Inc. | Methods and apparatus for life-cycle management |
US20090089871A1 (en) * | 2005-03-07 | 2009-04-02 | Network Engines, Inc. | Methods and apparatus for digital data processor instantiation |
EP1965330A3 (en) * | 2007-02-28 | 2010-02-10 | Ricoh Company, Ltd. | Information processing system, information processor, image forming apparatus, and information processing method |
CN101720085B (en) * | 2009-11-18 | 2012-08-15 | 华为终端有限公司 | Application method and device of intelligent card |
US8453258B2 (en) * | 2010-09-15 | 2013-05-28 | Bank Of America Corporation | Protecting an electronic document by embedding an executable script |
US8868915B2 (en) * | 2010-12-06 | 2014-10-21 | Verizon Patent And Licensing Inc. | Secure authentication for client application access to protected resources |
US8763159B1 (en) * | 2012-12-05 | 2014-06-24 | Parallels IP Holdings GmbH | System and method for application license management in virtual environments |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6223291B1 (en) * | 1999-03-26 | 2001-04-24 | Motorola, Inc. | Secure wireless electronic-commerce system with digital product certificates and digital license certificates |
US20020013772A1 (en) * | 1999-03-27 | 2002-01-31 | Microsoft Corporation | Binding a digital license to a portable device or the like in a digital rights management (DRM) system and checking out / checking in the digital license to / from the portable device or the like |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1996007256A1 (en) * | 1994-08-30 | 1996-03-07 | Kokusai Denshin Denwa Co., Ltd. | Certifying system |
FI105637B (en) * | 1997-07-02 | 2000-09-15 | Sonera Oyj | A method for managing applications stored on a subscriber identity module |
US6226618B1 (en) * | 1998-08-13 | 2001-05-01 | International Business Machines Corporation | Electronic content delivery system |
US20030088516A1 (en) * | 1999-12-21 | 2003-05-08 | Eric B. Remer | Software anti-piracy licensing |
US7155415B2 (en) * | 2000-04-07 | 2006-12-26 | Movielink Llc | Secure digital content licensing system and method |
WO2001092993A2 (en) * | 2000-06-02 | 2001-12-06 | Vigilant Systems, Inc. | System and method for licensing management |
CN1202682C (en) * | 2000-07-07 | 2005-05-18 | 黎明网络有限公司 | Method for dynamic obtaining value-added manu of short message of mobile telephone set |
US7010808B1 (en) * | 2000-08-25 | 2006-03-07 | Microsoft Corporation | Binding digital content to a portable storage device or the like in a digital rights management (DRM) system |
US6959320B2 (en) * | 2000-11-06 | 2005-10-25 | Endeavors Technology, Inc. | Client-side performance optimization system for streamed applications |
US6959436B2 (en) * | 2000-12-15 | 2005-10-25 | Innopath Software, Inc. | Apparatus and methods for intelligently providing applications and data on a mobile device system |
JP2002259606A (en) * | 2001-02-28 | 2002-09-13 | Internatl Business Mach Corp <Ibm> | Updating method for program use permission period, use permitting method for program, information processing system, and program |
EP1243998B1 (en) * | 2001-03-21 | 2017-04-19 | Excalibur IP, LLC | A technique for license management and online software license enforcement |
US7203966B2 (en) * | 2001-06-27 | 2007-04-10 | Microsoft Corporation | Enforcement architecture and method for digital rights management system for roaming a license to a plurality of user devices |
US7120429B2 (en) * | 2001-08-13 | 2006-10-10 | Qualcomm Inc. | System and method for licensing applications on wireless devices over a wireless network |
US6973305B2 (en) * | 2003-09-10 | 2005-12-06 | Qualcomm Inc | Methods and apparatus for determining device integrity |
-
2002
- 2002-02-22 EP EP02290449A patent/EP1338938A1/en not_active Withdrawn
-
2003
- 2003-02-21 JP JP2003570228A patent/JP2006514788A/en active Pending
- 2003-02-21 EP EP03702922A patent/EP1483640A2/en not_active Ceased
- 2003-02-21 AU AU2003206039A patent/AU2003206039A1/en not_active Abandoned
- 2003-02-21 CN CNB038052741A patent/CN100345077C/en not_active Expired - Fee Related
- 2003-02-21 US US10/505,599 patent/US20050091544A1/en not_active Abandoned
- 2003-02-21 WO PCT/IB2003/000648 patent/WO2003071401A2/en active Search and Examination
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6223291B1 (en) * | 1999-03-26 | 2001-04-24 | Motorola, Inc. | Secure wireless electronic-commerce system with digital product certificates and digital license certificates |
US20020013772A1 (en) * | 1999-03-27 | 2002-01-31 | Microsoft Corporation | Binding a digital license to a portable device or the like in a digital rights management (DRM) system and checking out / checking in the digital license to / from the portable device or the like |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7287161B2 (en) | 2002-12-27 | 2007-10-23 | Nokia Corporation | Method and system for testing a program, and a device |
EP1557735A2 (en) * | 2003-12-18 | 2005-07-27 | NTT DoCoMo, Inc. | Communication system, communication terminal device, and information storage module for restricting use of content |
EP1557735A3 (en) * | 2003-12-18 | 2006-06-21 | NTT DoCoMo, Inc. | Communication system, communication terminal device, and information storage module for restricting use of content |
US7450929B2 (en) | 2003-12-18 | 2008-11-11 | Ntt Docomo, Inc. | Communication system, communication terminal device, and information storage module |
WO2006054980A1 (en) | 2004-11-15 | 2006-05-26 | Cingular Wireless Ii, Llc | Programming and/or activating of a subscriber identity module (sim) for an analog telephone adapter (ata) device |
US8380180B2 (en) | 2004-11-15 | 2013-02-19 | At&T Mobility Ii Llc | Remote programming/activation of SIM enabled ATA device |
Also Published As
Publication number | Publication date |
---|---|
AU2003206039A8 (en) | 2003-09-09 |
EP1483640A2 (en) | 2004-12-08 |
CN100345077C (en) | 2007-10-24 |
JP2006514788A (en) | 2006-05-11 |
WO2003071401A3 (en) | 2004-05-13 |
US20050091544A1 (en) | 2005-04-28 |
CN1639667A (en) | 2005-07-13 |
WO2003071401A2 (en) | 2003-08-28 |
AU2003206039A1 (en) | 2003-09-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1338938A1 (en) | Protection against unauthorised execution of a program on an IC card | |
CN101091156B (en) | System and method for providing a multi-credential authentication protocol | |
CN100562902C (en) | Be used for the method and system that safety management is stored in the data on the electronic tag | |
US7707225B2 (en) | Information processing apparatus, information processing method, and program | |
KR100978053B1 (en) | Method and apparatus for initializing a secure element in a wireless terminal | |
CN100534090C (en) | Security element commanding method and mobile terminal | |
EP1804418A1 (en) | A dynamic password authentication system and the method thereof | |
US20070186115A1 (en) | Dynamic Password Authentication System and Method thereof | |
EP2420036B1 (en) | Method and apparatus for electronic ticket processing | |
RU2411670C2 (en) | Method to create and verify authenticity of electronic signature | |
US20050137889A1 (en) | Remotely binding data to a user device | |
EP1645984A1 (en) | Information processing apparatus, information processing method, and program | |
CN101189616A (en) | Facilitating and authenticating transactions | |
KR100592411B1 (en) | Method for managing and authenticating members by using barcode and system thereof | |
CN101482962A (en) | Service data processing terminal and service data processing method | |
US20100024025A1 (en) | Authentication system and authentication server device | |
US20040172369A1 (en) | Method and arrangement in a database | |
US20140052992A1 (en) | Response to Queries by Means of the Communication Terminal of a User | |
EP2234423B1 (en) | Secure identification over communication network | |
KR101040577B1 (en) | Method and System for issuing of Mobile Application | |
CN114493565A (en) | Account association method and account association management system | |
JP2006140543A (en) | Mobile communications system, authentication server, portable telephone, and security method and program | |
JP2004110431A (en) | Personal identification system, server device, personal identification method, program and recording medium | |
Eisl | Smart Card security services for an Open Application environment used in mobile phones | |
KR20020087656A (en) | Method for certifying a right user using a wireless communication apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR |
|
AX | Request for extension of the european patent |
Extension state: AL LT LV MK RO SI |
|
AKX | Designation fees paid | ||
REG | Reference to a national code |
Ref country code: DE Ref legal event code: 8566 |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: AXALTO S.A. |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20040228 |